CN113747440A - Network access control method and device for terminal device and storage medium


Publication number: CN113747440A
Authority: CN (China)
Prior art keywords: network, terminal device, terminal equipment, network access, request
Legal status: Pending
Application number: CN202010408938.2A
Other languages: Chinese (zh)
Inventor: 刘煜
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by: ZTE Corp
Priority: CN202010408938.2A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/16 Discovering, processing access restriction or access information

Abstract

The invention discloses a network access control method and device for a terminal device, and a storage medium, and belongs to the technical field of network communication. The method comprises: acquiring a 4G network access request sent by a terminal device; determining, according to the 4G network access request, whether to reject the terminal device's access to the 4G network; and, if it is determined that the terminal device's access to the 4G network is rejected, sending rejection information to the terminal device, wherein the rejection information comprises a preset cause value, and the preset cause value is used to make the terminal device stop sending the 4G network access request. The technical solution prevents the terminal device from continuously initiating 4G network access requests after receiving a message rejecting network access, and also prevents the terminal device from impacting the 4G MME (4G mobility management entity), thereby improving the 4G access success rate performance indicator.

Description

Network access control method and device for terminal device and storage medium
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a network access control method and device for a terminal device, and a storage medium.
Background
With the development of 5G technology, networks have entered a period of 4G/5G coexistence. When the core network type subscribed by the terminal device is restricted to EPC, or the policy of the operator to which the terminal device belongs is set to restrict 4G access, the terminal device cannot access 4G. If the terminal device sends a 4G access request to a 4G MME (4G mobility management entity, mainly responsible for signaling processing and mobility management), the 4G MME sends the terminal device a message rejecting network access according to the procedure. At present, however, after receiving the message rejecting network access, the terminal device may continuously initiate 4G access requests, which impacts the 4G MME and can even affect the 4G access success rate performance indicator.
Therefore, how to prevent the terminal device from continuously initiating 4G access requests after receiving a message rejecting network access has become an urgent problem to be solved.
Disclosure of Invention
The main purpose of the embodiments of the present invention is to provide a network access control method and device for a terminal device, and a storage medium. When a terminal device is rejected from accessing a 4G network, rejection information including a preset cause value is sent to the terminal device, which prevents the terminal device from continuously initiating 4G network access requests after receiving a message rejecting network access, and also prevents the terminal device from impacting the 4G MME (4G mobility management entity), thereby improving the 4G access success rate performance indicator.
In order to achieve the above object, an embodiment of the present invention provides a network access control method for a terminal device, where the method includes the following steps:
acquiring a 4G network access request sent by a terminal device;
determining, according to the 4G network access request, whether to reject the terminal device's access to the 4G network;
and, if it is determined that the terminal device's access to the 4G network is rejected, sending rejection information to the terminal device, wherein the rejection information comprises a preset cause value, and the preset cause value is used to make the terminal device stop sending the 4G network access request.
In order to achieve the above object, an embodiment of the present invention further provides a network access control device of a terminal device, where the device includes a memory, a processor, a program stored in the memory and executable on the processor, and a data bus for implementing connection communication between the processor and the memory, and the program implements the steps of the foregoing method when executed by the processor.
In order to achieve the above object, an embodiment of the present invention further provides another network access control method for a terminal device, where the method includes the following steps:
sending a 4G network access request to a 4G mobility management entity;
and, if rejection information sent by the 4G mobility management entity is received and the rejection information comprises a preset cause value, stopping sending the 4G network access request.
To achieve the above object, the present invention provides a storage medium for a computer-readable storage, the storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the steps of the aforementioned method.
With the network access control method and device for a terminal device and the storage medium provided by the invention, after the 4G network access request sent by the terminal device is acquired, whether to reject the terminal device's access to the 4G network is determined according to the 4G network access request; if it is determined that the terminal device's access to the 4G network is rejected, rejection information is sent to the terminal device, the rejection information comprising a preset cause value that is used to make the terminal device stop sending the 4G network access request. The technical solution therefore prevents the terminal device from continuously initiating 4G network access requests after receiving a message rejecting network access, and also prevents the terminal device from impacting the 4G MME (4G mobility management entity), thereby improving the 4G access success rate performance indicator.
Drawings
Fig. 1 is a flowchart of a network access control method for a terminal device according to an embodiment of the present invention;
Fig. 2 is a flowchart of determining whether to reject the terminal device's access according to the 4G network access request in Fig. 1;
Fig. 3 is a flowchart of a network access control method applied to a terminal device when the terminal device sends an attach request according to a second embodiment of the present invention;
Fig. 4 is a block diagram of a network access control method applied to a terminal device when the terminal device sends an attach request according to a second embodiment of the present invention;
Fig. 5 is a flowchart of determining whether to reject the terminal device's access according to the attach request in Fig. 3;
Fig. 6 is a flowchart of a network access control method applied to a terminal device when the terminal device sends a TAU request according to a third embodiment of the present invention;
Fig. 7 is a block diagram of a network access control method applied to a terminal device when the terminal device sends a TAU request according to a third embodiment of the present invention;
Fig. 8 is a flowchart of determining whether to reject the terminal device's access according to the TAU request in Fig. 6;
Fig. 9 is a flowchart of another network access control method for a terminal device according to a fourth embodiment of the present invention;
Fig. 10 is a schematic block diagram of the structure of a computer device according to a fifth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The flow diagrams depicted in the figures are merely illustrative and do not necessarily include all of the elements and operations/steps, nor do they necessarily have to be performed in the order depicted. For example, some operations/steps may be decomposed, combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the following description, suffixes such as "module", "part", or "unit" used to denote elements are used only to facilitate the explanation of the present invention and have no specific meaning in themselves. Thus, "module", "part" and "unit" may be used interchangeably.
Example one
Fig. 1 shows the network access control method for a terminal device provided by this embodiment. The method is applicable to a 4G MME (4G mobility management entity), and the following description takes the 4G MME as the entity that performs it.
As shown in Fig. 1, the method comprises the following steps:
Step S110: Acquire a 4G network access request sent by the terminal device.
Specifically, the 4G MME acquires a 4G network access request sent by the terminal device. Illustratively, the 4G network access request includes an attach request and/or a TAU request sent by the terminal device. The terminal device may be an electronic device such as a mobile phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant or a wearable device; specifically, the terminal device carries a SIM (Subscriber Identity Module) card or is provided with a virtual SIM card.
For example, the terminal device sends the 4G MME an Attach Request message for connecting to the 4G network, initiating an attach procedure to connect to the 4G network; or the terminal device sends the 4G MME a TAU Request message, requesting initiation of a TAU procedure to connect to the 4G network. The attach procedure is the procedure by which the terminal device registers with the 4G MME, and is the first procedure after the terminal device is powered on. It includes mutual authentication between the terminal device and the 4G MME, location registration of the terminal device, and so on; after the attach procedure is completed, the terminal device can access the 4G network. A TAU (Tracking Area Update) takes place when a mobile station moves from one TA to another TA: it must register its location again in the new TA to inform the network to change the location information it stores for the mobile station. If the 4G MME accepts the TAU Request of a terminal device, the terminal device can access the 4G network.
Step S120: Determine, according to the 4G network access request, whether to reject the terminal device's access.
Specifically, if the core network type subscribed by the terminal device is restricted to the EPC core network, or the operator policy information of the terminal device restricts 4G access, the terminal device cannot access the 4G network, and it is determined that the terminal device's access to the 4G network is rejected.
The subscription information of the terminal device includes the restriction information of the terminal device; that is, whether the terminal device is restricted from accessing the 4G network can be determined from the subscription information. The 4G network access request includes user information, such as the IMSI and IMEI, so the subscription information of the terminal device can be acquired according to the 4G network access request. On this basis, the specific flow of step S120 is shown in Fig. 2 and includes the following steps:
Step S121: Acquire the subscription information of the terminal device from a user database according to the 4G network access request.
Specifically, the 4G MME acquires the subscription information related to the terminal device from an HSS (Home Subscriber Server) according to the 4G network access request sent by the terminal device. For example, the 4G MME sends an Update Location Request message to the HSS according to the 4G network access request, and obtains the subscription information of the terminal device from the Update Location Answer (location update response) returned by the HSS.
To ensure the network access security of the terminal device, the 4G MME initiates an authentication security procedure toward the terminal device before acquiring the subscription information of the terminal device from the user database according to the 4G network access request. That is: an authentication security procedure is initiated toward the terminal device, and whether to acquire the subscription information of the terminal device from the user database according to the 4G network access request is determined from the feedback of the terminal device. Specifically, the 4G MME sends the terminal device an Authentication Request message based on an authentication vector, such as an EPS security vector, to authenticate the terminal device, and then determines, from the Authentication Response message returned by the terminal device, whether to acquire the subscription information. If the Authentication Response message shows that authentication succeeded, the 4G MME determines to acquire the subscription information of the terminal device from the user database according to the 4G network access request; if it shows that authentication did not succeed, the 4G MME determines not to acquire it.
Illustratively, before the authentication security procedure is initiated toward the terminal device, the method further includes the following step:
acquiring an authentication vector, the authentication vector being used to initiate the authentication security procedure toward the terminal device.
Specifically, the 4G MME sends an Authentication Information Request message to the HSS and obtains the Authentication Information Answer message with which the HSS responds. The Authentication Information Answer message includes an authentication vector, such as an EPS security vector, which is used to initiate the authentication security procedure toward the terminal device.
Illustratively, to further ensure the network access security of the terminal device, when the 4G MME initiates the authentication security procedure it sends a Security Request message to the terminal device so that the terminal device performs encryption according to that message; the 4G MME can determine whether the terminal device has done so from the Security Response message returned by the terminal device.
Step S122: Determine, according to the subscription information, whether to reject the terminal device's access to the 4G network.
The subscription information of the terminal device includes restriction information of the terminal device, for example subscribed core network type restriction (core Type Restriction) information and/or operator policy information; the restriction information is used to determine whether to reject the terminal device's access to the 4G network.
Illustratively, determining whether to reject the terminal device's access to the 4G network according to the subscription information may include the following step:
determining whether to reject the terminal device's access to the 4G network according to the subscribed core network type restriction information and/or the operator policy information.
Specifically, if the subscribed core network type restriction information of the terminal device is EPC and/or the operator policy information of the terminal device restricts 4G access, the 4G MME rejects the terminal device's access to the 4G network.
Step S130: If it is determined that the terminal device's access to the 4G network is rejected, send rejection information to the terminal device, wherein the rejection information comprises a preset cause value, and the preset cause value is used to make the terminal device stop sending the 4G network access request.
To prevent the terminal device from continuing to initiate 4G access after receiving a message rejecting network access, a cause value is preset, and the preset cause value is used to make the terminal device stop sending the 4G network access request. Illustratively, the preset cause value may be "S1 mode not allowed". When the 4G MME determines that the terminal device's access to the 4G network is rejected, it sends rejection information containing the preset cause value to the terminal device so that the terminal device stops sending the 4G network access request; this avoids the impact of the terminal device on the 4G MME and also improves the 4G access success rate performance indicator.
For example, sending rejection information to the terminal device if it is determined that its access to the 4G network is rejected may specifically include: if it is determined that the terminal device's access to the 4G network is rejected, and the reason for the rejection is determined to be a preset reason, obtaining the preset cause value corresponding to the preset reason and sending the preset cause value to the terminal device, the preset cause value being used to make the terminal device stop sending the 4G network access request.
To improve the network access efficiency of the terminal device, the preset cause value is further used to make the terminal device send a 5G network access request to a 5G MME (5G mobility management entity); that is, after receiving the preset cause value, the terminal device starts to send the 5G network access request to the 5G MME in order to access the 5G network.
In this network access control method for a terminal device, after the 4G network access request sent by the terminal device is acquired, whether to reject the terminal device's access to the 4G network is determined according to the 4G network access request; if it is determined that access is rejected, rejection information is sent to the terminal device, the rejection information comprising a preset cause value that is used to make the terminal device stop sending the 4G network access request. The terminal device is thereby prevented from continuously initiating 4G network access requests after receiving a message rejecting network access, the terminal device is prevented from impacting the 4G MME, and the 4G access success rate performance indicator is improved.
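The exchange of Example one, together with the terminal-side behaviour of stopping 4G requests on the preset cause value, can be simulated to compare the signalling load on the 4G MME with and without that value. This is an added example, not code from the patent: the class, field and function names are assumptions, OTHER_CAUSE is a hypothetical placeholder for any rejection that lacks the preset cause value, and the bounded retry count stands in for the repeated requests described in the Background.

```python
from dataclasses import dataclass
from typing import Dict, Optional

PRESET_CAUSE = "S1 mode not allowed"          # cause text given on the page (no numeric code is given)
OTHER_CAUSE = "other-reject (placeholder)"    # hypothetical: any reject without the preset value


@dataclass
class Subscription:
    # Field names are assumptions; the page only names the two kinds of restriction.
    core_network_type_restriction: Optional[str] = None   # "EPC" means 4G access is restricted
    operator_policy_restricts_4g: bool = False


@dataclass
class Result:
    accepted: bool
    cause: Optional[str] = None


class MME:
    """4G MME side: steps S110 to S130."""

    def __init__(self, hss: Dict[str, Subscription], send_preset_cause: bool = True):
        self.hss = hss                       # stand-in for the HSS user database
        self.send_preset_cause = send_preset_cause
        self.requests_handled = 0            # Attach/TAU requests that reached the MME
        self.hss_lookups = 0                 # Update Location exchanges with the HSS

    def handle_request(self, imsi: str, kind: str, auth_ok: bool = True) -> Result:
        if kind not in ("attach", "tau"):
            raise ValueError("kind must be 'attach' or 'tau'")
        self.requests_handled += 1                           # S110
        # Authentication runs first; on failure the subscription is never fetched.
        if not auth_ok:
            return Result(False, OTHER_CAUSE)
        self.hss_lookups += 1                                # S121
        sub = self.hss.get(imsi)
        if sub is None:                                      # unknown subscriber: not the preset reason
            return Result(False, OTHER_CAUSE)
        restricted = (sub.core_network_type_restriction == "EPC"
                      or sub.operator_policy_restricts_4g)   # S122
        if not restricted:
            return Result(True)
        # S130: a rejection for the preset reason carries the preset cause value.
        return Result(False, PRESET_CAUSE if self.send_preset_cause else OTHER_CAUSE)


class UE:
    """Terminal side: stop 4G requests once the preset cause value is received."""

    def __init__(self, imsi: str, max_attempts: int = 5):
        self.imsi = imsi
        self.max_attempts = max_attempts     # assumption: bounded stand-in for repeated retries
        self.requests_4g = 0
        self.requests_5g = 0
        self.stopped_4g = False

    def access(self, mme: MME, kind: str = "attach") -> str:
        if self.stopped_4g:
            return "4g-disabled"             # nothing is sent to the 4G MME any more
        while self.requests_4g < self.max_attempts:
            self.requests_4g += 1
            result = mme.handle_request(self.imsi, kind)
            if result.accepted:
                return "attached-4g"
            if result.cause == PRESET_CAUSE:
                self.stopped_4g = True       # no further 4G requests
                self.requests_5g += 1        # the terminal then requests 5G access (5G core not modelled)
                return "stopped-4g-requested-5g"
        return "retries-exhausted"


def run_scenario(send_preset_cause: bool, ues: int = 100) -> Dict[str, int]:
    """Constructed population: every subscriber has the EPC core network type restriction."""
    hss = {f"imsi-{i:03d}": Subscription(core_network_type_restriction="EPC")
           for i in range(ues)}
    mme = MME(hss, send_preset_cause)
    outcomes = [UE(imsi).access(mme) for imsi in hss]
    return {"mme_requests": mme.requests_handled,
            "hss_lookups": mme.hss_lookups,
            "moved_to_5g": outcomes.count("stopped-4g-requested-5g")}


if __name__ == "__main__":
    print("without preset cause:", run_scenario(False))
    print("with preset cause:   ", run_scenario(True))
```

Each rejected request also costs one HSS lookup in this model, so the retry loop loads the user database as well as the MME.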
Example two
Fig. 3 shows the network access control method for a terminal device provided by this embodiment, applied when the terminal device sends an attach request. The method is applicable to a 4G MME (4G mobility management entity), and the following description takes the 4G MME as the entity that performs it.
Exemplarily, when a terminal device initiates registration with a 4G MME, for example when it is powered on and initiates an attach to the 4G MME, if the 4G MME determines from the received attach request that the subscribed core network type restriction (core Type Restriction) information of the terminal device is the EPC core network, the attach request is rejected so that the terminal device stops sending the attach request; this also prevents the terminal device from impacting the 4G MME and improves the 4G access success rate performance indicator.
As shown in Fig. 3, the method comprises the following steps:
Step S210: Acquire an attach request sent by the terminal device, the attach request being used to request access to the 4G network.
Exemplarily, as shown in Fig. 4, the terminal device sends the 4G MME an Attach Request message for connecting to the 4G network; the Attach Request message is used to initiate an attach procedure to request access to the 4G network. The terminal device may be an electronic device such as a mobile phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant or a wearable device. Specifically, the terminal device is equipped with a SIM (Subscriber Identity Module) card or a virtual SIM card. The attach procedure is the procedure by which the terminal device registers with the 4G MME, and is the first procedure after the terminal device is powered on. It includes mutual authentication between the terminal device and the 4G MME, location registration of the terminal device, and so on; after the attach procedure is completed, the terminal device can access the 4G network.
Step S220: Determine, according to the attach request, whether to reject the terminal device's access.
Specifically, if the core network type subscribed by the terminal device is restricted to EPC, or the operator policy information of the terminal device restricts 4G access, the terminal device cannot access the 4G network, so the 4G MME determines to reject the terminal device's access to the 4G network; if 4G access is not restricted for the terminal device, the 4G MME determines to accept the terminal device's access to the 4G network.
The subscription information of the terminal device includes the restriction information of the terminal device; that is, whether the terminal device is restricted from accessing the 4G network can be determined from the subscription information. The attach request includes user information, such as the IMSI and IMEI, so the subscription information of the terminal device can be obtained according to the attach request. On this basis, the specific flow of step S220 is shown in Fig. 5 and includes the following steps:
Step S221: Acquire the subscription information of the terminal device from a user database according to the attach request.
Specifically, the 4G MME acquires the subscription information related to the terminal device from a Home Subscriber Server (HSS) according to the attach request sent by the terminal device. For example, the 4G MME sends an Update Location Request message to the HSS according to the attach request, and acquires the subscription information of the terminal device from the Update Location Answer (location update response) returned by the HSS.
To ensure the network access security of the terminal device, the 4G MME initiates an authentication security procedure toward the terminal device before acquiring the subscription information of the terminal device from the user database according to the attach request. That is: an authentication security procedure is initiated toward the terminal device, and whether to acquire the subscription information of the terminal device from the user database according to the attach request is determined from the feedback of the terminal device. Specifically, the 4G MME sends the terminal device an Authentication Request message based on the authentication vector to authenticate the terminal device, and then determines, from the Authentication Response message returned by the terminal device, whether to acquire the subscription information. If the Authentication Response message shows that authentication succeeded, the 4G MME determines to acquire the subscription information of the terminal device from the user database according to the attach request; if it shows that authentication did not succeed, the 4G MME determines not to acquire it.
If the 4G MME has no authentication vector before it sends the Authentication Request message to the terminal device, then before the authentication security procedure is initiated toward the terminal device the method further includes the following step:
acquiring an authentication vector, the authentication vector being used to initiate the authentication security procedure toward the terminal device.
Specifically, the 4G MME sends an Authentication Information Request message to the HSS and obtains the Authentication Information Answer message with which the HSS responds. The Authentication Information Answer message includes an authentication vector, such as an EPS security vector, which is used to initiate the authentication security procedure toward the terminal device.
Illustratively, to further ensure the network access security of the terminal device, when the 4G MME initiates the authentication security procedure it sends a Security Request message to the terminal device so that the terminal device performs encryption according to that message; the 4G MME can determine whether the terminal device has done so from the Security Response message returned by the terminal device.
Step S222: Determine, according to the subscription information, whether to reject the terminal device's access to the 4G network.
The subscription information of the terminal device includes restriction information of the terminal device, for example subscribed core network type restriction (core Type Restriction) information and/or operator policy information; the restriction information is used to determine whether to reject the terminal device's access to the 4G network.
Illustratively, determining whether to reject the terminal device's access to the 4G network according to the subscription information may include the following step:
determining whether to reject the terminal device's access to the 4G network according to the subscribed core network type restriction information and/or the operator policy information.
Specifically, if the subscribed core network type restriction information of the terminal device is EPC and/or the operator policy information of the terminal device restricts 4G access, the 4G MME rejects the terminal device's access to the 4G network.
Step S230: If it is determined that the terminal device's access to the 4G network is rejected, send rejection information to the terminal device, wherein the rejection information comprises a preset cause value, and the preset cause value is used to make the terminal device stop sending the attach request.
To prevent the terminal device from continuing to initiate 4G access after receiving a message rejecting network access, a cause value is preset, and the preset cause value is used to make the terminal device stop sending the attach request. Illustratively, the preset cause value may be "S1 mode not allowed". When the 4G MME determines that the terminal device's access to the 4G network is rejected, it sends rejection information containing the preset cause value to the terminal device so that the terminal device stops sending the attach request; this avoids the impact of the terminal device on the 4G MME and also improves the 4G access success rate performance indicator.
For example, sending rejection information to the terminal device if it is determined that its access to the 4G network is rejected may specifically include: if it is determined that the terminal device's access to the 4G network is rejected, and the reason for the rejection is determined to be a preset reason, obtaining the preset cause value corresponding to the preset reason and sending the preset cause value to the terminal device, the preset cause value being used to make the terminal device stop sending the attach request.
To improve the network access efficiency of the terminal device, the preset cause value is further used to make the terminal device send a 5G network access request to a 5G MME (5G mobility management entity); that is, after receiving the preset cause value, the terminal device starts to send the 5G network access request to the 5G MME in order to access the 5G network.
In this network access control method, applied when the terminal device sends an attach request, after the attach request sent by the terminal device to access the 4G network is acquired, whether to reject the terminal device's access to the 4G network is determined according to the attach request; if it is determined that access is rejected, rejection information is sent to the terminal device, the rejection information comprising a preset cause value that is used to make the terminal device stop sending the attach request. The terminal device is thereby prevented from continuously initiating attach requests for accessing the 4G network after receiving the message rejecting network access, the terminal device is prevented from impacting the 4G network, and the 4G access success rate performance indicator is improved.
Example three
Fig. 6 shows the network access control method of a terminal device provided by this embodiment, applied when the terminal device sends a TAU request. The method is applicable to a 4G MME (4G mobility management entity), and the following description applies the method to the 4G MME.
Illustratively, when a terminal device initiates a TAU request to a 4G MME, if the 4G MME determines from the received TAU request that the operator policy information of the terminal device restricts 4G access, the 4G MME rejects the TAU request so that the terminal device stops sending the TAU request; this also prevents the terminal device from impacting the 4G MME and improves the performance index of the 4G access success rate. A TAU (Tracking Area Update) is the procedure in which a mobile station that moves from one TA (Tracking Area) to another TA re-registers its location in the new TA, to inform the network to change the location information it stores for the mobile station. If the 4G MME passes the TAU Request of a terminal device, the terminal device may access the 4G network.
As shown in fig. 6, the method comprises the steps of:
Step S310: Acquire a TAU request sent by the terminal device, wherein the TAU request is used for requesting access to the 4G network.
Exemplarily, as shown in fig. 7, the terminal device sends a TAU Request message for connecting to the 4G network to the 4G MME, where the TAU Request message is used for requesting to access to the 4G network. The terminal equipment can be electronic equipment such as a mobile phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant and wearable equipment. Specifically, the terminal device is equipped with a SIM card (Subscriber Identity Module) or a virtual SIM card.
Step S320: Determine, according to the TAU request, whether to deny the terminal device access.
Specifically, if the core network type subscribed by the terminal device is restricted to EPC, or the operator policy information of the terminal device restricts 4G access, the terminal device cannot access the 4G network, so the 4G MME determines to deny the terminal device access to the 4G network; if 4G access is not restricted for the terminal device, the 4G MME determines to accept the terminal device's access to the 4G network.
The subscription information of the terminal equipment comprises the restriction information of the terminal equipment, namely, whether the terminal equipment is restricted to access the 4G network can be determined through the subscription information. The TAU request includes user information, such as IMSI, IMEI, etc., so that the subscription information of the terminal device can be obtained according to the TAU request. Based on this, the specific flow of step S220 of the method is shown in fig. 8, and includes the following steps:
Step S321: Acquire the subscription information of the terminal device from a user database according to the TAU request.
Specifically, the 4G MME acquires the subscription information related to the terminal device from an HSS (Home Subscriber Server) according to the TAU request sent by the terminal device. Exemplarily, the 4G MME sends an Update Location Request message to the HSS according to the TAU Request sent by the terminal device, and acquires the subscription information of the terminal device from the Update Location Answer (location update response) returned by the HSS.
To ensure the network access security of the terminal device, the 4G MME initiates an authentication security procedure to the terminal device before acquiring the subscription information of the terminal device from the user database according to the TAU request. The step is as follows: initiate an authentication security procedure to the terminal device, and determine, according to the feedback of the terminal device, whether to acquire the subscription information of the terminal device from the user database according to the TAU request. Specifically, the 4G MME sends an Authentication Request message to the terminal device according to the authentication vector to authenticate the terminal device, and then determines, according to the Authentication Response message returned by the terminal device, whether to acquire the subscription information of the terminal device from the user database according to the TAU request. If the Authentication Response message returned by the terminal device shows that authentication succeeded, the 4G MME determines to acquire the subscription information of the terminal device from the user database according to the TAU request; if it shows that authentication did not succeed, the 4G MME determines not to acquire the subscription information of the terminal device from the user database according to the TAU request.
If the 4G MME has no authentication vector before it sends the Authentication Request message to the terminal device, then before initiating the authentication security procedure to the terminal device, the method further includes the following step:
Acquire an authentication vector, wherein the authentication vector is used for initiating the authentication security procedure to the terminal device.
Specifically, the 4G MME sends an Authentication Information Request message to the HSS and obtains the Authentication Information Answer message returned by the HSS. The Authentication Information Answer message includes an authentication vector, such as an EPS security vector, and the authentication vector is used to initiate the authentication security procedure to the terminal device.
Illustratively, to further ensure the security of network access of the terminal device, when the 4G MME initiates the authentication security procedure to the terminal device, the 4G MME sends a Security Request message to the terminal device so that the terminal device performs encryption according to the Security Request message. Specifically, the 4G MME may determine whether the terminal device has performed encryption according to the Security Response message returned by the terminal device.
Step S322: Determine, according to the subscription information, whether to deny the terminal device access to the 4G network.
The subscription information of the terminal device includes restriction information of the terminal device, for example subscribed core network type restriction (Core Type Restriction) information and/or operator policy information, and the restriction information is used to determine whether to deny the terminal device access to the 4G network.
Illustratively, determining whether to deny the terminal device access to the 4G network according to the subscription information may include the following step:
Determine, according to the subscribed core network type restriction information and/or the operator policy information, whether to deny the terminal device access to the 4G network.
Specifically, if the subscribed core network type restriction information of the terminal device is EPC and/or the operator policy information of the terminal device restricts 4G access, the 4G MME denies the terminal device access to the 4G network.
Step S330: If it is determined that the terminal device is denied access to the 4G network, rejection information is sent to the terminal device, wherein the rejection information includes a preset cause value, and the preset cause value is used to make the terminal device stop sending the TAU request.
To prevent the terminal device from continuing to initiate 4G access after it receives the message rejecting network access, a cause value is preset, and this preset cause value is used to make the terminal device stop sending the TAU request. Illustratively, the preset cause value may be "S1 mode not allowed". When the 4G MME determines to deny the terminal device access to the 4G network, it sends rejection information containing the preset cause value to the terminal device so that the terminal device stops sending the TAU request. This avoids the impact of the terminal device on the 4G MME and at the same time improves the performance index of the 4G access success rate.
For example, sending rejection information to the terminal device if it is determined that the terminal device is denied access to the 4G network may specifically include: if it is determined that the terminal device is denied access to the 4G network, and the reason for the denial is determined to be a preset reason, a preset cause value corresponding to the preset reason is obtained and sent to the terminal device, and the preset cause value is used to make the terminal device stop sending the TAU request.
In order to improve the network access efficiency of the terminal device, the preset cause value is further used for enabling the terminal device to send a 5G network access request to a 5G MME (5G mobility management entity), that is, after the terminal device receives the preset cause value, the terminal device starts to send the 5G network access request to the 5G MME to access the 5G network.
In the network access control method applied to the terminal device when the terminal device sends the TAU request, after the TAU request sent by the terminal device for requesting access to the 4G network is obtained, whether the terminal device is denied access to the 4G network is determined according to the TAU request, if the terminal device is determined to be denied access to the 4G network, denial information is sent to the terminal device, the denial information includes a preset cause value, and the preset cause value is used for enabling the terminal device to stop sending the TAU request, so that the terminal device can be prevented from continuously initiating the TAU request for accessing the 4G network after receiving the message for denying access to the network, meanwhile, the terminal device is prevented from impacting a 4G MME, and the performance index of the 4G access success rate is improved.
Example four
Fig. 9 is another network access method of a terminal device according to an embodiment of the present application, where the network access method of the terminal device is applied to the terminal device, where the terminal device may be an electronic device such as a mobile phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, and a wearable device. Specifically, the terminal device is equipped with a SIM card (Subscriber Identity Module) or a virtual SIM card.
As shown in fig. 9, the method includes the steps of:
Step S410: Send a 4G network access request to a 4G mobility management entity.
Specifically, the terminal device sends a 4G network access request to a 4G MME (4G mobility management entity) to request to join the 4G network. Wherein the 4G network access request comprises an attach request and/or a TAU request. For example, the terminal device initiates an Attach Request, sends an Attach Request message for connecting to the 4G network to the 4G MME, and initiates an Attach procedure to connect to the 4G network; or, for example, the terminal device sends a TAU Request message to the 4G MME requesting initiation of a TAU procedure to connect to the 4G network. The attachment process is a process in which the terminal device registers on the 4G MME, and is a first process after the terminal device is powered on. The attachment process comprises the steps of mutual authentication between the terminal equipment and the 4G MME, position registration of the terminal equipment and the like, and after the attachment process is completed, the terminal equipment can be accessed to the 4G network. TAU (Tracking Area Update), when a mobile station moves from one TA to another TA, location registration must be re-performed on the new TA to inform the network to change its stored location information of the mobile station. If the 4G MME passes the TAU Request of a terminal device, the terminal device may access the 4G network.
Step S420: If rejection information sent by the 4G mobility management entity is received and the rejection information includes a preset cause value, stop sending the 4G network access request.
Specifically, when the rejection information sent by the 4G MME is received and the rejection information includes a preset cause value, the terminal device stops sending the attach request and/or the TAU request to the 4G MME. Illustratively, the preset cause value may be "S1 mode not allowed".
For example, after the rejection information sent by the 4G mobility management entity is received and the rejection information includes a preset cause value, the method may further include: sending a 5G network access request to a 5G MME (5G mobility management entity). Illustratively, the preset cause value may be "S1 mode not allowed".
In the other network access control method for a terminal device provided in the foregoing embodiment, after a 4G network access request has been sent to the 4G MME and rejection information including a preset cause value has been received from the 4G mobility management entity, the terminal device stops sending the 4G network access request to the 4G MME, so that impact on the 4G MME by the terminal device can be avoided and the performance index of the 4G access success rate is improved.
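The exchange described in Examples three and four, with the MME decision (steps S320 to S330) and the terminal behaviour (steps S410 to S420) in one simulation that compares MME load with and without the preset cause value. This is an added example, not code from the patent: the class names, the retry budget, the stand-in cause for non-preset rejects, the in-memory HSS dictionary and the IMSI are constructed assumptions, and authentication is reduced to a boolean.

```python
from dataclasses import dataclass, field

PRESET_CAUSE = "S1 mode not allowed"            # cause value named on the page
OTHER_CAUSE = "generic reject (hypothetical)"   # stand-in for any non-preset cause


@dataclass
class Subscription:
    core_type_restriction: str = ""     # "EPC" marks the subscriber as restricted
    operator_restricts_4g: bool = False


@dataclass
class Reply:
    accepted: bool
    cause: str = ""


class Mme4G:
    """4G MME side: authenticate, fetch subscription data, decide, reject."""

    def __init__(self, hss, use_preset_cause=True):
        self.hss = hss                  # constructed stand-in for the HSS
        self.use_preset_cause = use_preset_cause
        self.requests_seen = 0          # every request costs the MME work

    def handle(self, kind, imsi, auth_ok=True):
        if kind not in ("attach", "tau"):
            raise ValueError("unknown 4G network access request: " + kind)
        self.requests_seen += 1
        # Authentication comes first; subscription data is fetched only on success.
        if not auth_ok:
            return Reply(False, OTHER_CAUSE)
        sub = self.hss.get(imsi)
        if sub is None:
            return Reply(False, OTHER_CAUSE)
        restricted = sub.core_type_restriction == "EPC" or sub.operator_restricts_4g
        if not restricted:
            return Reply(True)
        # Restricted subscriber: the preset cause tells the terminal to stop asking.
        return Reply(False, PRESET_CAUSE if self.use_preset_cause else OTHER_CAUSE)


@dataclass
class Terminal:
    imsi: str
    max_retries: int = 5                # assumed retry budget for non-preset rejects
    trace: list = field(default_factory=list)

    def join(self, mme, kind="attach"):
        """Terminal side: returns '4G', '5G-request-sent' or 'gave-up'."""
        for attempt in range(1, self.max_retries + 1):
            reply = mme.handle(kind, self.imsi)
            self.trace.append((kind, attempt, reply.cause or "accept"))
            if reply.accepted:
                return "4G"
            if reply.cause == PRESET_CAUSE:
                # Stop all further 4G requests and turn to the 5G side instead.
                self.trace.append(("5g-request", 1, "sent"))
                return "5G-request-sent"
        return "gave-up"


def compare_load(imsi="001010000000001"):   # constructed test IMSI
    """Run one restricted terminal against an MME with and without the preset cause."""
    hss = {imsi: Subscription(core_type_restriction="EPC")}
    results = {}
    for label, preset in (("with preset cause", True), ("without preset cause", False)):
        mme = Mme4G(hss, use_preset_cause=preset)
        outcome = Terminal(imsi).join(mme, "tau")
        results[label] = (outcome, mme.requests_seen)
    return results


if __name__ == "__main__":
    for label, (outcome, load) in compare_load().items():
        print(f"{label}: outcome={outcome}, requests handled by MME={load}")
```

With the preset cause the MME handles one request per restricted terminal; without it the same terminal consumes its whole retry budget against the MME.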
Example five
Fig. 10 is a schematic block diagram of a structure of a computer device according to an embodiment of the present application. The computer device may be a server or a terminal device.
As shown in fig. 10, the computer device includes a processor, a memory, and a network interface connected by a system bus, wherein the memory may include a nonvolatile storage medium and an internal memory.
The non-volatile storage medium may store an operating system and a computer program. The computer program includes program instructions that, when executed, cause a processor to perform any one of the network access control methods for a terminal device.
The processor is used for providing calculation and control capability and supporting the operation of the whole computer equipment.
The internal memory provides an environment for running a computer program in the nonvolatile storage medium, and the computer program, when executed by the processor, causes the processor to execute any network access control method of the terminal device.
The network interface is used for network communication, such as sending assigned tasks and the like. Those skilled in the art will appreciate that the architecture shown in fig. 9 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
Wherein, in one embodiment, the processor is configured to execute a computer program stored in the memory to implement the steps of:
acquiring a 4G network access request sent by terminal equipment;
determining whether to reject the terminal equipment to access the 4G network or not according to the 4G network access request;
and if determining that the terminal equipment is rejected to access the 4G network, sending rejection information to the terminal equipment, wherein the rejection information comprises a preset reason value, and the preset reason value is used for enabling the terminal equipment to stop sending the 4G network access request.
In an embodiment, when implementing the obtaining of the 4G network access request sent by the terminal device, the processor is configured to implement:
acquiring an attachment request and/or a TAU request sent by terminal equipment;
the preset reason value is used for stopping the terminal equipment from sending the attach request and/or the TAU request.
In one embodiment, the processor, when implementing the determining whether to deny the terminal device access to the 4G network according to the 4G network access request, is configured to implement:
acquiring the subscription information of the terminal equipment from a user database according to the 4G network access request;
and determining whether to reject the terminal equipment to access the 4G network or not according to the subscription information.
In an embodiment, when implementing the acquiring of the subscription information of the terminal device from the subscriber database according to the 4G network access request, the processor is configured to implement:
and initiating an authentication security flow to the terminal equipment, and determining whether to acquire the subscription information of the terminal equipment from a user database according to the 4G network access request according to the feedback of the terminal equipment.
In one embodiment, before implementing the initiating of the authentication security procedure to the terminal device, the processor is configured to implement:
and acquiring an authentication vector, wherein the authentication vector is used for initiating an authentication security process to the terminal equipment.
In an embodiment, the subscription information includes subscription core network type restriction information and/or operator policy information, and the processor, when implementing the determining whether to deny the terminal device from accessing the 4G network according to the subscription information, is configured to implement:
and determining whether to reject the terminal equipment to access the 4G network or not according to the signed core network type restriction information and/or the operator policy information.
In an embodiment, when the determining whether to deny the terminal device from accessing the 4G network according to the subscribed core network type restriction information and/or the operator policy information is implemented, the processor is configured to implement:
and if the type restriction information of the signed core network is EPC and/or the operator policy information is restricted 4G access, rejecting the terminal equipment to access the 4G network.
In one embodiment, the processor, when implementing sending rejection information to the terminal device if it is determined to reject the terminal device from accessing the 4G network, is configured to implement:
if the fact that the terminal equipment is refused to access the 4G network is determined, and the reason that the terminal equipment is refused to access the 4G network is determined to be a preset reason, a preset reason value corresponding to the preset reason is obtained, the preset reason value is sent to the terminal equipment, and the preset reason value is used for enabling the terminal equipment to stop sending the 4G network access request.
The embodiments of the present application also provide a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, where the computer program includes program instructions, and a method implemented when the program instructions are executed may refer to the embodiments of the network access control method of the terminal device in the present application.
One of ordinary skill in the art will appreciate that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof.
In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a Processor, or as hardware, or as an Integrated Circuit, such as an Application Specific Integrated Circuit (ASIC), wherein the Processor may be a Central Processing Unit (CPU), or other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, or the like. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
In the computer device and the computer-readable storage medium provided in the foregoing embodiment, after the 4G network access request sent by the terminal device is obtained, it is determined whether to deny the terminal device from accessing the 4G network according to the 4G network access request, and if it is determined that to deny the terminal device from accessing the 4G network, reject information is sent to the terminal device, where the reject information includes a preset cause value, and the preset cause value is used to cause the terminal device to stop sending the 4G network access request, so that the terminal device can be prevented from continuously initiating a 4G network access request for accessing the 4G network after receiving the message for denying network access, and meanwhile, the terminal device is prevented from impacting a 4G MME, and a performance index of a 4G access success rate is improved.
It is to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments. While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (14)

1. A network access control method of a terminal device is characterized by comprising the following steps:
acquiring a 4G network access request sent by terminal equipment;
determining whether to reject the terminal equipment to access the 4G network or not according to the 4G network access request;
and if determining that the terminal equipment is rejected to access the 4G network, sending rejection information to the terminal equipment, wherein the rejection information comprises a preset reason value, and the preset reason value is used for enabling the terminal equipment to stop sending the 4G network access request.
2. The network access control method according to claim 1, wherein the acquiring the 4G network access request sent by the terminal device includes:
acquiring an attachment request and/or a TAU request sent by terminal equipment;
the preset reason value is used for stopping the terminal equipment from sending the attach request and/or the TAU request.
3. The network access control method of claim 1, wherein the determining whether to deny the terminal device access to the 4G network according to the 4G network access request comprises:
acquiring the subscription information of the terminal equipment from a user database according to the 4G network access request;
and determining whether to reject the terminal equipment to access the 4G network or not according to the subscription information.
4. The network access control method according to claim 3, wherein the obtaining subscription information of the terminal device from a subscriber database according to the 4G network access request includes:
and initiating an authentication security flow to the terminal equipment, and determining whether to acquire the subscription information of the terminal equipment from a user database according to the 4G network access request according to the feedback of the terminal equipment.
5. The network access control method according to claim 4, wherein before initiating the authentication security procedure to the terminal device, the method further comprises:
and acquiring an authentication vector, wherein the authentication vector is used for initiating an authentication security process to the terminal equipment.
6. The network access control method according to claim 3, wherein the subscription information includes subscription core network type restriction information and/or operator policy information;
the determining whether to deny the terminal device to access the 4G network according to the subscription information includes:
and determining whether to reject the terminal equipment to access the 4G network or not according to the signed core network type restriction information and/or the operator policy information.
7. The network access control method according to claim 6, wherein the determining whether to deny the terminal device access to the 4G network according to the contracted core network type restriction information and/or the operator policy information includes:
and if the signed core network type restriction information is an EPC core network and/or the operator policy information is restriction of 4G access, rejecting the terminal equipment to access the 4G network.
8. The network access control method according to any one of claims 1 to 7, wherein the preset cause value is used for causing the terminal device to send a 5G network access request to a 5G mobility management entity.
9. The network access control method according to claim 1, wherein the sending rejection information to the terminal device if it is determined that the terminal device is rejected from accessing the 4G network comprises:
if the fact that the terminal equipment is refused to access the 4G network is determined, and the reason that the terminal equipment is refused to access the 4G network is determined to be a preset reason, a preset reason value corresponding to the preset reason is obtained, the preset reason value is sent to the terminal equipment, and the preset reason value is used for enabling the terminal equipment to stop sending the 4G network access request.
10. A network entry control device of a terminal device, characterized in that the device comprises a memory, a processor, a program stored on the memory and executable on the processor, and a data bus for implementing a connection communication between the processor and the memory, the program, when executed by the processor, implementing the steps of the network entry control method of a terminal device according to any one of claims 1-9.
11. A network access method of a terminal device is characterized by comprising the following steps:
sending a 4G network access request to a 4G mobility management entity;
and if rejection information sent by the 4G mobility management entity is received and the rejection information comprises a preset reason value, stopping sending the 4G network access request.
12. The network access control method according to claim 11, wherein the sending the 4G network access request to the 4G mobility management entity includes:
sending an attach request and/or a TAU request to a 4G mobility management entity;
if the rejection information sent by the 4G mobility management entity is received and the rejection information includes a preset cause value, stopping sending the 4G network access request, including:
and if the rejection information sent by the 4G mobility management entity is received and the rejection information comprises a preset reason value, stopping sending the attach request and/or the TAU request.
13. The network access control method according to any of claims 11-12, wherein if rejection information sent by the 4G mobility management entity is received and the rejection information includes a preset cause value, a 5G network access request is sent to a 5G mobility management entity.
14. A storage medium for computer-readable storage, characterized in that the storage medium stores one or more programs, which are executable by one or more processors to implement the steps of the network entry control method of a terminal device according to any one of claims 1 to 9.
CN202010408938.2A 2020-05-14 2020-05-14 Network access control method and device for terminal device and storage medium Pending CN113747440A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010408938.2A CN113747440A (en) 2020-05-14 2020-05-14 Network access control method and device for terminal device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010408938.2A CN113747440A (en) 2020-05-14 2020-05-14 Network access control method and device for terminal device and storage medium

Publications (1)

Publication Number Publication Date
CN113747440A (en) 2021-12-03

Family

ID=78723467

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010408938.2A Pending CN113747440A (en) 2020-05-14 2020-05-14 Network access control method and device for terminal device and storage medium

Country Status (1)

Country Link
CN (1) CN113747440A (en)

Similar Documents

Publication Publication Date Title
US8185936B1 (en) Automatic device-profile updates based on authentication failures
EP3381209B1 (en) Method and apparatus for managing profiles
CN112654033B (en) Service opening method and device
US8539607B2 (en) Method for validating user equipment, a device identity register and an access control system
US20150099562A1 (en) Method, Terminal, Server, and System for Multiple Terminals to Share Virtual SIM Card
US11638141B1 (en) Remote sim unlock (RSU) implementation using blockchain
CN106664521A (en) Enforcing service policies in embedded uiccs
CN104081403A (en) Mobile device-type locking
US20200100111A1 (en) Connection establishment method, device, and system
WO2019237542A1 (en) Application login method and apparatus for electronic device, and electronic device and medium
WO2022148254A1 (en) User information analysis result feedback method and device thereof
EP4135378A1 (en) Method, apparatus and device for controlling network slice authentication, and storage medium
US9883402B2 (en) Method, terminal and server for processing information, and communication method and system
WO2018010480A1 (en) Network locking method for esim card, terminal, and network locking authentication server
CN105379323B (en) Method, equipment and system for controlling total amount of online attached users
US10820200B2 (en) Framework for securing device activations
CN107710673A (en) The method and apparatus of authenticating user identification
CN113747440A (en) Network access control method and device for terminal device and storage medium
CN113676985B (en) Terminal access control method, device, system, terminal and electronic equipment
SE1751485A1 (en) Methods, subscriber identity component and managing node for providing wireless device with connectivity
CN111163039B (en) Authentication method, authentication server, authentication terminal and authentication equipment
EP3346670A1 (en) Method for protecting machine type communication device, network entity, and mtc device
CN114584479A (en) Network element control method, network element entity, system and storage medium
US10623953B1 (en) System, method, and computer program for performing WiFi device authentication utilizing a calling line identification (CLI) as a passcode
CN108076009B (en) Resource sharing method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination